Firefox users will probably notice that the recently-released version 18 has received a mini-update.

Mozilla's flagship product thus hits 18.0.1.

The good news is that the 21 security fixes that appeared in version 18 haven't needed any fixes of their own.

The new point release mops up three bugs, all of them no doubt annoying to those affected, but none of them security related.

The first fix is for a fault that could prevent automatic proxy configuration.

Proxies are widely deployed in the corporate world as a powerful web security tool. Instead of letting your browser fetch content directly from external websites, many organisations make you connect to a proxy server at the edge of the network instead. The proxy fetches the content, weeds out the dodgy or unwanted stuff, and passes on the rest.

If your browser can't find the right proxy to use, it probably won't be able to browse at all. So proxy autoconfiguration is vital in the business world. Not surprising that Mozilla fixed this fault fast.

The second fix sorts out a bug that can cause the Unity3D browser plugin to crash.

Unity is a games ecosystem, so this fix is much more important at home than at work.

Unless you work for a games company, of course.

The last fix deals with a problem in the newly-added support for Apple's super-high-resolution screens. If you had two screens, one of which wasn't hi-res, browser content could appear on the wrong one.

That's the lot.

It's nice to have a browser update that largely deals with cosmetics rather than patching against known vulnerabilities or in-the-wild exploits.

Having said that, the Unity-related bug was a crash in the strlen() function. Almost certainly not an exploitable crash, but it does sound like incorrect memory usage.

Might as well apply the fix, then, even if you are neither a corporate user nor a gamer.

2 Responses to Firefox update 18 gets an update, but no security problems this time

My laptop updated to Firefox 18.0.1 this morning and it has already crashed half a dozen times. Not a gamer. Don't do anything fancy. I guess it's IE or Chrome for me, unfortunately, until Mozilla stabilizes their release.

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too.
Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009.
Follow him on Twitter: @duckblog